CVE-2026-46466
Received
Received - Intake
Authentication Bypass in Dell PowerProtect Data Domain
Vulnerability report for CVE-2026-46466, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-03
Last updated on: 2026-07-03
Assigner: Dell
Description
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | powerprotect_data_domain | From 7.7.1.0 (inc) to 8.7 (inc) |
| dell | powerprotect_data_domain | From 8.6.1.0 (inc) to 8.6.1.10 (inc) |
| dell | powerprotect_data_domain | From 8.3.1.0 (inc) to 8.3.1.30 (inc) |
| dell | powerprotect_data_domain | From 7.13.1.0 (inc) to 7.13.1.70 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-348 | The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack. |